Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 604790

Summary: www-apps/nextcloud: failed integrity check because of .webapp-nextcloud-11.0.0 (app-admin/webapp-config)
Product: Gentoo Linux Reporter: gerion <gerion.entrup>
Component: Current packagesAssignee: Bernard Cafarelli <voyageur>
Status: RESOLVED FIXED    
Severity: normal CC: endymion+gentoo, evadim, gentoo, kripton, web-apps, xaviermiller
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=579300
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: security-check-failed.txt

Description gerion 2017-01-05 23:43:58 UTC 
Created attachment 458866 [details]
security-check-failed.txt

Nextcloud have a builtin file integrity security check. See the [Nextcloud documentation](https://docs.nextcloud.com/server/11/admin_manual/issues/code_signing.html) for more information.

When installing Nextcloud with webapp-config, webapp-config places the file .webapp-nextcloud-11.0.0 with some text into the root directory.

This triggers a security message by the admin user. I have attached the relevant file. The signatures of Nextcloud are stored in ./core/signature.json. Nextcloud offers no way to extend the list of files and recommends the removal of the additional files.

Because as far as I know installing with webapp-config is the default gentoo way, I file this bug here.

I assume, this bug happens with Owncloud as well (though I've not tested it).
Comment 1 Romain Riviere 2017-01-17 09:16:12 UTC 
Confirmed, but this needs to be solved upstream. I just submitted an issue and a pull request over there:
https://github.com/nextcloud/server/issues/3112
https://github.com/nextcloud/server/pull/3113
I'll try and update this if the PR is accepted and merged.
Comment 2 Bernard Cafarelli gentoo-dev 2017-01-17 11:24:34 UTC 
Thanks for the report and pushing this upstream, for owncloud there is bug #579300

It will be nice not to see this warning anymore indeed (without having to push a webapp-config update/rewrite to handle this)
Comment 3 Al Johnson 2018-03-23 19:54:45 UTC 
Some more progress - pull request accepted by one reviewer but still waiting for a second.

https://github.com/nextcloud/server/pull/8647
Comment 4 Bernard Cafarelli gentoo-dev 2019-10-01 12:19:05 UTC 
Finally fixed with https://github.com/nextcloud/server/pull/14198 pulled in and 17.0 release! This new version is on its way to portage tree